Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local file-parsing flaw needing a user to open malicious content, so AV:L and UI:R with PR:N; successful code execution yields full C/I/A on the affected host.
Primary rating from Vendor (hq).
CVSS VectorVendor: hq
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution.
AnalysisAI
Arbitrary code execution via an out-of-bounds write (CWE-787) affects an industrial control system product covered by CISA ICS advisory ICSA-26-188-06, where an attacker can corrupt memory past an allocated buffer to run code in the context of the affected application. The CVSS 4.0 vector (AV:L/UI:A) indicates the flaw is triggered locally and requires a victim to actively interact - consistent with opening a malicious file or project in engineering/HMI software. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local delivery of malicious content and active user interaction (CVSS AV:L, UI:A): a legitimate operator or engineer must open or process an attacker-supplied file/project/input in the affected ICS application. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score is 8.4 (High), driven by full compromise of the vulnerable system (VC:H/VI:H/VA:H) with low attack complexity and no privileges required - but critically, the vector is AV:L (local) and UI:A (active user interaction required), meaning this is NOT a remotely-reachable, unauthenticated network exploit. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious project, configuration, or data file that triggers the out-of-bounds write when parsed, then delivers it to an engineer or operator (e.g., via email, USB, or a shared repository). When the victim opens the file in the affected ICS application on their workstation, the corrupted memory write executes attacker-controlled code in the context of that application. … |
| Remediation | Apply the vendor-provided update referenced in CISA advisory ICSA-26-188-06 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06); no exact fixed version was included in the source data, so confirm the patched release directly from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify systems running the affected ICS product per CISA ICSA-26-188-06; contact vendor for patch timeline; notify engineering teams of attack vector. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42120
GHSA-r42h-hrr3-8vrv